# FastAPI Missing Request Validation

- ID: fastapi-missing-validation
- Severity: MEDIUM
- CWE: Improper Input Validation (CWE-20)
- Languages: Python
- Frameworks: fastapi

## Description

Detects FastAPI endpoints that accept a raw `Request` object instead of a Pydantic model. Reading the request directly bypasses FastAPI's automatic validation and can lead to type confusion and injection vulnerabilities.

## Remediation

Use Pydantic models instead of raw `Request` objects so that FastAPI validates the input automatically.

```python
from fastapi import FastAPI
from pydantic import BaseModel, EmailStr, Field  # EmailStr needs the email-validator package

app = FastAPI()


class UserCreate(BaseModel):
    # Length bounds are enforced before the handler runs
    username: str = Field(min_length=3, max_length=50)
    email: EmailStr


@app.post("/users")
async def create_user(user: UserCreate):
    # `user` is already parsed and validated; invalid bodies are rejected with HTTP 422
    return {"user": user}
```

Learn more: https://shoulder.dev/learn/python/cwe-20/missing-validation

## Related Rules

- **Business Logic Input Validation** [MEDIUM]
- **Echo Missing Input Validation** [MEDIUM]
- **Fiber Missing Input Validation** [MEDIUM]
- **Gin Missing Input Validation** [MEDIUM]
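
The pattern described under Description can be checked statically. The sketch below is an added example, not the rule's actual implementation: it uses Python's `ast` module to flag route handlers that take a parameter annotated `Request`. The sample source, the function names and the decorator heuristic (`@<obj>.get/post/put/patch/delete(...)`) are assumptions made for the illustration.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete"}

# Constructed sample: one handler reads the raw request, one uses a Pydantic model.
SAMPLE = '''
from fastapi import FastAPI, Request
from pydantic import BaseModel, Field
app = FastAPI()

class UserCreate(BaseModel):
    username: str = Field(min_length=3, max_length=50)

@app.post("/users/raw")
async def create_user_raw(request: Request):
    return {"user": await request.json()}

@app.post("/users")
async def create_user(user: UserCreate):
    return {"user": user}
'''

def is_route_decorator(dec):
    """True for decorators shaped like @app.post(...) or @router.get(...)."""
    return (isinstance(dec, ast.Call)
            and isinstance(dec.func, ast.Attribute)
            and dec.func.attr in HTTP_METHODS)

def annotation_name(node):
    """Name of an annotation written as `Request` (Name) or `fastapi.Request` (Attribute)."""
    return getattr(node, "id", None) or getattr(node, "attr", None)

def find_raw_request_handlers(source):
    """Return (function name, line number) for route handlers taking a raw Request."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not any(is_route_decorator(d) for d in node.decorator_list):
            continue  # plain helpers and dependencies are out of scope here
        params = node.args.posonlyargs + node.args.args + node.args.kwonlyargs
        if any(annotation_name(p.annotation) == "Request" for p in params):
            findings.append((node.name, node.lineno))
    return findings

if __name__ == "__main__":
    for name, line in find_raw_request_handlers(SAMPLE):
        print(f"line {line}: {name} accepts a raw Request object")
```

The check matches on annotation names only, so a handler that imports `Request` under an alias is missed, and a handler that takes both a model and a `Request` (for example to read headers) is still reported and needs manual review.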